Closed
Bug 764402
Opened 12 years ago
Closed 12 years ago
IonMonkey: Crash [@ EnterIon] with gcPreserveCode
Categories: Core :: JavaScript Engine, defect
Status: RESOLVED DUPLICATE of bug 763989
People: Reporter: decoder, Unassigned
Details: Keywords: crash, testcase, Whiteboard: [jsbugmon:update]
Attachments: 1 file (1.79 KB, text/javascript)
The attached testcase crashes on ionmonkey revision 71b71dcbf9fe (run with --ion -n -m --ion-eager).
Comment 1 • Reporter • 12 years ago
Valgrind trace:
==22822== Invalid read of size 1
==22822==    at 0x4032177: ???
==22822==    by 0x813237: EnterIon(JSContext*, js::StackFrame*, void*) (Ion.cpp:1110)
==22822==    by 0x813530: js::ion::Cannon(JSContext*, js::StackFrame*) (Ion.cpp:1138)
==22822==    by 0x52A0E4: js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (jsinterp.cpp:2544)
==22822==    by 0x51B299: js::RunScript(JSContext*, JSScript*, js::StackFrame*) (jsinterp.cpp:286)
==22822==    by 0x51BF4F: js::ExecuteKernel(JSContext*, JSScript*, JSObject&, JS::Value const&, js::ExecuteType, js::StackFrame*, JS::Value*) (jsinterp.cpp:474)
==22822==    by 0x51C1D1: js::Execute(JSContext*, JSScript*, JSObject&, JS::Value*) (jsinterp.cpp:512)
==22822==    by 0x44DEC3: EvaluateUCScriptForPrincipalsCommon(JSContext*, JSObject*, JSPrincipals*, JSPrincipals*, unsigned short const*, unsigned int, char const*, unsigned int, JS::Value*, JSVersion) (jsapi.cpp:5378)
==22822==    by 0x44DF9C: JS_EvaluateUCScriptForPrincipals (jsapi.cpp:5389)
==22822==    by 0x44E181: JS_EvaluateUCScript (jsapi.cpp:5423)
==22822==    by 0x40A995: Evaluate(JSContext*, unsigned int, JS::Value*) (js.cpp:891)
==22822==    by 0x51390A: js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), js::CallArgs const&) (jscntxtinlines.h:395)
==22822==  Address 0xfffa80000c714fdb is not stack'd, malloc'd or (recently) free'd
Updated • 12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated • 12 years ago
Group: core-security
Comment 3 • Reporter • 11 years ago
A testcase for this bug was already added in the original bug (bug 763989).
Flags: in-testsuite-